Alert (AA22-137A): Weak Security Controls and Practices Routinely Exploited for Initial Access

Alert (AA22-137A)

Weak Security Controls and Practices Routinely Exploited for Initial Access

CISA Alert Published May 17, 2022:

Summary

Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues. This advisory was coauthored by the cybersecurity authorities of the United States,[1],[2],[3] Canada,[4] New Zealand,[5],[6] the Netherlands,[7] and the United Kingdom.[8]

Download the PDF version of this report (pdf, 430kb).

Or read the full alert online at https://www.cisa.gov/uscert/ncas/alerts/aa22-137a

CrowdStrike catches insider feeding information to ScatteredLapsus$Hunters
Threat actors have reportedly launched yet another campaign involving an application connected to Salesforce
Report released on PowerSchool cyber attack
Sue The Hackers – Google Sues Over Phishing as a Service
Five major changes to the regulation of cybersecurity in the UK under the Cyber Security and Resilience Bill
From bad to worse: Doctor Alliance hacked again by same threat actor (2)

Summary

Related: